
Is it possible for a Virus to install a password


11 replies to this topic

#1 Wh0

Wh0

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Naples, Florida
  • Local time:03:27 PM

Posted 30 April 2015 - 08:17 AM

on the bios?



Mod Edit, moved to General Security ~~ boopme


Edited by boopme, 30 April 2015 - 03:40 PM.




#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:27 PM

Posted 02 May 2015 - 12:16 PM

Is this just a hypothetical question or do you have a problem with your computer?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 Wh0


Posted 04 May 2015 - 07:56 AM

Yes and Yes.

 

I'm a student studying computer basics at a VoTech, I was given a Dell Latitude.

 

The Latitude's Bios is Password protected.

 

I did a clean install of Windows Pro last week to get rid of the virus, the laptop is catching up on Windows updates.

 

The warranty expired in April of 2014, Dell tells me I need a new motherboard, if I don't want the bios password protected.

 

I'd like to try and locate the EEPROM chip. My instructor doesn't think that is possible.



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:27 PM

Posted 04 May 2015 - 08:19 AM

Wh0 wrote: "I'm a student studying computer basics at a VoTech, I was given a Dell Latitude."


Who gave you that laptop? If it's the school, maybe the IT department put a password on the BIOS themselves. You could ask them about it.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Wh0


Posted 04 May 2015 - 08:57 AM

Vocational Rehab gave me the laptop, it was returned to them by another student that said it wasn't powerful enough.

 

I doubt that I'll keep it though, I do want to play with it for future reference if I come across this again.

 

From what I've been reading online, a lot of second hand laptops are sold with the bios being password protected.



#6 Aura


Posted 04 May 2015 - 09:06 AM

A lot of them do, yes. And the common tricks used to remove the password don't work as well. Sometimes you can call the manufacturer and ask them for the master password for your laptop to unlock it and then remove it; however, you need a proof of purchase, and if you bought it second-hand, they might refuse to do that.



#7 Wh0


Posted 04 May 2015 - 09:15 AM

I contacted Dell support, the password they provided did not unlock the bios, VR is trying to contact the student that had it previously to see if she changed the password or still has the original documentation.

 

Dell said my only other option would be to purchase a new motherboard.

 

Even with the bios locked, the laptop is in decent shape and will provide years of service for someone.



#8 Aura


Posted 04 May 2015 - 09:19 AM

Yes, it will. It's just a big issue if you ever have issues with the laptop and you need to access the BIOS for troubleshooting. That's how I see it.



#9 Wh0


Posted 07 May 2015 - 08:18 AM

The laptop slowly updated Windows and during one critical update Windows Defender detected the same virus. I downloaded Kaspersky to quickly dispatch the virus to parts unknown.

The virus, realizing Kaspersky was hunting it, stopped and rebooted the computer.

This morning I am formatting and filling the hard drive with zeros.

What are the chances the Virus has infected the BIOS?



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,764 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:27 PM

Posted 07 May 2015 - 08:43 AM

Wh0 wrote: "What are the chances the Virus has infected the BIOS?"


BIOS (firmware) viruses exist but are very rare. Researchers have demonstrated in a test environment proof-of-concept viruses that could modify the flash BIOS or install a rootkit on the BIOS of some systems so that it could survive a reformat and reinfect a clean disk. This type of malware exists primarily in-the-wild and is not generic...meaning it's vendor specific and cannot modify all types of BIOS. Although in February 2015, Kaspersky Labs reported "persistent, invisible espionage malware inside the firmware of hard drives compatible with nearly all major hard drive brands: Seagate, Western Digital, Samsung". This particular threat targeted government and military institutions, telecom and energy companies, nuclear research facilities, oil companies, encryption software developers, and media outlets.

This is a quote from my Security Colleague, Elise, who works with the Emsisoft Anti-Malware Research Team.

Firmware is typically a small piece of software coded directly into a device (for example a video card or DVD writer) necessary for the device to function correctly. This code is highly device-dependent, different manufacturers and different models all require specific firmware. For that reason a firmware infection is not only highly unlikely but also very impractical for a malware writer. Someone who wants to create a successful infection not only needs to make sure the malware stays on the system (by making it harder to detect and delete), but also that it is distributed on a large scale. Deploying a firmware rootkit on a large scale is close to impossible as you'd have to write a lot of different versions for different hardware models.

These articles explain the complexity of the UEFI (Unified Extensible Firmware Interface), secure boot protocol and exploitation. Malware writers would much rather target a large audience through social engineering where they can use sophisticated but less technical means than a BIOS virus.

Fortunately, as the below articles note, it's highly unlikely you will encounter a BIOS-level scenario as it is not practical for attackers to use such an exploit on a grand scale.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#11 Wh0


Posted 07 May 2015 - 09:00 AM

Thank you for the information, overwriting the hard drive twice took about a half hour. Getting ready to do the reinstall and updates.

Looks like a little bit of reading to keep me occupied :bubbles:

 



#12 quietman7


Posted 07 May 2015 - 02:36 PM

No problem...enjoy your reading.